In May 2018, the European Union transformed its legislative landscape for data protection when it introduced the General Data Protection Regulation, or GDPR as it’s widely known. The regulation harmonized existing EU data protection laws and adapted them to the modern digital age. Essentially, the GDPR puts customers in the data driver’s seat. Organizations must inform individuals about the type of data being collected and how they plan to use it, and must provide a simple way to opt in and opt out. As a result, the GDPR creates new security and privacy challenges for businesses across the world that process or store the data of individuals located in the EU.
Where Does the Regulation Apply?
In the digital world of today, data flows freely across a borderless internet that spans the globe. To ensure that personal data remains protected, the territorial scope of the GDPR extends beyond the EU and also applies to non-EU businesses that either:
- Offer goods or services to people in the EU; or
- Monitor the behavior of people in the EU, for example, by using website cookies to track the online activity of consumers.
What are the Potential Penalties for Not Complying with GDPR?
Organizations that fail to comply with the GDPR face fines of up to 4% of their annual global turnover, or 20 million euros, whichever is higher, and that doesn’t include the cost of litigation.
What Does It Mean for Your Organization?
The GDPR raises the bar for compliance significantly. It requires greater openness and transparency, which means that the level of detail organizations must disclose in their privacy policies and notices about their processing activities has increased considerably. In addition, the regulation places tougher restrictions on the use of personal data, especially in the context of direct marketing and the processing of employee data. To avoid non-compliance, contact our team of professionals at DPO Adviser to help bring your organization into GDPR compliance today.